From 044d25bcda06b95d83794252dc95372c1fe79e53 Mon Sep 17 00:00:00 2001 From: Christophe Fergeau Date: Mon, 6 Feb 2017 18:47:30 +0100 Subject: [PATCH] Sanitize patch format Regenerate the patches using --no-signature --zero-commit --no-numbered as it makes it easier to regenerate exactly the same patches on a different setup. --- ...nt-possible-DoS-attempts-during-protocol-handsh.patch | 7 ++----- ...-Prevent-integer-overflows-in-capability-checks.patch | 7 ++----- ...channel-Prevent-overflow-reading-messages-from-.patch | 9 +++------ 3 files changed, 7 insertions(+), 16 deletions(-) diff --git a/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch b/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch index 6c69395..bfd51c9 100644 --- a/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch +++ b/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch @@ -1,7 +1,7 @@ -From ec124b982abcd23364963ffcd4c370b1ec962fc9 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Tue, 13 Dec 2016 14:39:48 +0000 -Subject: [spice-server 1/3] Prevent possible DoS attempts during protocol +Subject: [spice-server] Prevent possible DoS attempts during protocol handshake The limit for link message is specified using a 32 bit unsigned integer. @@ -54,6 +54,3 @@ index 8ef4efe..e7ebc43 100644 reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); spice_warning("bad size %u", header->size); reds_link_free(link); --- -2.9.3 - diff --git a/0002-Prevent-integer-overflows-in-capability-checks.patch b/0002-Prevent-integer-overflows-in-capability-checks.patch index f245528..33a5263 100644 --- a/0002-Prevent-integer-overflows-in-capability-checks.patch +++ b/0002-Prevent-integer-overflows-in-capability-checks.patch @@ -1,7 +1,7 @@ -From e16eee1d8be00b186437bf61e4e1871cd8d0211a Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Tue, 13 Dec 2016 14:40:10 +0000 -Subject: [spice-server 2/3] Prevent integer overflows in capability checks +Subject: [spice-server] Prevent integer overflows in capability checks The limits for capabilities are specified using 32 bit unsigned integers. This could cause possible integer overflows causing buffer overflows. @@ -36,6 +36,3 @@ index e7ebc43..953a95a 100644 num_caps = link_mess->num_common_caps + link_mess->num_channel_caps; caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset); --- -2.9.3 - diff --git a/0003-main-channel-Prevent-overflow-reading-messages-from-.patch b/0003-main-channel-Prevent-overflow-reading-messages-from-.patch index 60610d9..24ceb53 100644 --- a/0003-main-channel-Prevent-overflow-reading-messages-from-.patch +++ b/0003-main-channel-Prevent-overflow-reading-messages-from-.patch @@ -1,8 +1,8 @@ -From 1d3e26c0ee75712fa4bbbcfa09d8d5866b66c8af Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Tue, 29 Nov 2016 16:46:56 +0000 -Subject: [spice-server 3/3] main-channel: Prevent overflow reading messages - from client +Subject: [spice-server] main-channel: Prevent overflow reading messages from + client Caller is supposed the function return a buffer able to store size bytes. @@ -27,6 +27,3 @@ index 24dd448..1124506 100644 } else { return main_chan->recv_buf; } --- -2.9.3 -